I work at the IT department of a large shipping company in the US and as of today we are getting a new wave of WannaCry-infected computers. These are computers that DO NOT have the SMB exploit. It is even hitting computers that are in sleep mode that nobody has touched that we keep charged to hand out as temporary work stations while we are working on someone's computer.
So far only 2 computers of the dozens infected have shown the signature red pop-up demanding bitcoins, the rest have been bricked mid-encryption when critical system files begin disappearing. We have no idea how it is spreading or how it is able to hit computers that are asleep.
I am absolutely not supposed to be posting this here but we're fucked. This is not supposed to be possible. May God help us.
There were other tools leaked by the Shadow Brokers. Microsoft patched all of them except for some reason DoublePulsar, which is at the heart of all of this. Keep your shit up to date user.
Nathan Rodriguez
Stupid roleplayer.
Kevin Brown
Join us now and share the software; You'll be free, hackers, you'll be free. Join us now and share the software; You'll be free, hackers, you'll be free.
Hoarders can get piles of money, That is true, hackers, that is true. But they cannot help their neighbors; That's not good, hackers, that's not good.
When we have enough free software At our call, hackers, at our call, We'll kick out those dirty licenses Ever more, hackers, ever more.
Join us now and share the software; You'll be free, hackers, you'll be free. Join us now and share the software; You'll be free, hackers, you'll be free.
Ayden Bailey
strangely relevant to this thread
Jace Wilson
Oh great. Another WannaCry thread. It's been almost 5 minutes, I was getting worried.
Samuel Miller
>rms will die in your lifetime
David Edwards
Like I said, It's not the SMB but the NetBIOS
Fuckers. Disable the NetBIOS services, Server service and set your network adapter settings > connection properties to ipv4 ipv6 only! (uncheck the netbios and other crap that is for the NSA)
Austin Diaz
rms and alex are buddies
Logan Evans
Zeroday confirmed? Make it happen.
Liam Ward
>overpaid button presser
go flip burgers or something.
Matthew Perry
That's why he's crying ;_;
Gavin Perez
>hitting computers in sleep mode
and that is when it's confirmed you are terrible at making shit up
go back to the drawing board kiddo
Josiah Brooks
>I am absolutely not supposed to be posting this here but we're fucked. This is not supposed to be possible. May God help us.
trying too hard
Samuel Russell
4/10, nice bait
Christian Fisher
Get Macbooks. Install macOS on PCs.
thank me later.
Justin Howard
Well it's your own fault for using MS "os". This doesn't surprise me. Exactly.
To run DoublePulsar you have to run any of the Eternal* or one of the exploits listed under "use" in FuzzBunch.
You can't just point doublepulsar and expect it to bring a shell up, it's just another program to upload a payload. It's like saying that one can patch metasploit or any framework.
Jacob Allen
Right, but once you have a way to use DoublePulsar you have immediate admin access. There's no reason not to patch it.
Nolan Peterson
pics?
Chase Miller
Any new BTC addresses that are related to the malware?
Jeremiah Ortiz
>how it is able to hit computers that are asleep.
ME/AMT exploit? Do you have AMT configured by any chance? Or did you ever touch it (on many systems it seems to be active even if unconfigured)?
Colton King
Don't worry, user. We won't tell the police. *wink* *wink* *nudge*
Brayden Reyes
what os were they running on?
Michael Cruz
Bumping for interest.
Austin Phillips
NOTORIOUS HACKER AND CREATOR OF RANSOMWARE WANACRY HAS BEEN IDENTIFIED.
HOW CAN HE KEEP GETTING AWAY WITH IT?
Chase Myers
Is it really hard to keep fucking updates on?
Dylan Young
I actually work at FedEx in Technical Logistics. You're full of shit. This isn't a thing.
David Hill
Please Jesus, let this be real
Austin Long
Leave them on so you can get the decryption key from memory.
Anthony Ward
...
Brayden Reed
You MS pajeets hate them don't you?
Aiden White
How was Trump dark-haired, and then somehow became blonde-reddish-haired later?
Carson Sullivan
Fuck Fedex, can't even get a god damn SIM card sent to me from ATT... FedEx lost the damn package in Memphis....
Oh and then there was that time the delivery guy lied about coming to my house and saying I wasn't home. I convinced someone in Mills River NC to get me over to his manager and the manager was PISSED. Dude was wrote hoch and disciplined.
Sorry excuse for a shipping company.
FedEx, you had ONE job.
Easton Morris
How will fizzbuzz help me avoid infection?
Jaxon Green
Imagine having a BYOD Policy in your company because the CEO is butthurt shitlord.
>Raid backup
>I NEED ADMIN RIGHTS ON MY LOCAL PC AND NEED TO HAVE UAC COMPLETELY DISABLED!!!
Eli Powell
wtf am I safe on loonix?
Blake Sullivan
Imagine having a BYOD Policy because your CEO is a butthurt retard that doesn't wanna pay money for Up-to-date Hardware.
>RAID 'Backup'
>I NEED ADMIN RIGHTS ON MY LOCAL MACHINE OTHERWISE I CAN'T INSTALL USELESS PROGRAMS AND NEED HELP WHEN I FUCK UP SOMETHING AND THEN BLAME IT BECAUSE THEY CAN'T FIX IT IN 5MINS!!
>I NEED UAC COMPLETELY DISABLED OTHERWISE MY PRODUCTIVITY GOES DOWN THE DRAIN.
have to leave asap
>"Yeah, I'm guilty of running FireFox as root. Shame on me - I should have known better."
no cure for stupidity
Jack Powell
BYOD is fine for many use cases, and hardware's barely gone anywhere in years.
Angel Baker
>MS slowly increases lethality
>release win 7 specific version
>fuck shit up
>release win 8.x specific version
>fuck more shit up
>go back and fuck more shit up on 7
>everyone runs scared into telemetry 10s teet
you watch
Alexander Young
sause or did not happened
Parker Diaz
Hey FedEx guy. Is my package still arriving on time?
Jordan Garcia
I can hear it in my head and it's making me uncomfortable
Juan Smith
M-MASAKA! I WAS IN CONTROL HERE?!
Brody Reed
Source? Wouldn't expect Alex to be friends with a filthy communist
Adrian Hall
Please enlighten us. BYOD is a fucking nightmare, even more on family owned business. I had a gig on one of those and one of the owners was extremely obtuse.
mfw you have to deal with some owner's smartass nephew's laptop just because he's from the family and tries to access the windows domain but doesn't want his $1500 unsecure device to be touched by the IT's filthy monkeys hands
Owen Diaz
Fuck off and try to know what you're talking about next time.
Jordan Jones
I wanna cry
Benjamin Allen
Sam Hyde again?
Ryder Hill
>windows IT problems
never said BYOD + Windows was any good user
Ryder Campbell
by fuzzing the bizz before you get buzzed by the fizz.
Cooper Bell
>wanaCuck
Nolan Garcia
it's all these damn games you're installing to the desktop!!!! you're grounded
Gabriel Perez
Simple. They were infected before you fixed the SMB bug and were waiting for the right moment to get activated.
Parker Diaz
Well, until you live on a mac/linux millennial perfect world, you have to deal with microsoft, which kinda defeats your argument, but let's bite: BYOD is a nice idea IF and ONLY IF your users are willing to cooperate with IT and not a bunch of entitled stupid assholes that think they know more about computer security than you
BYOD= your device + company's rules. simple huh? if you think it is, you have not dealt with enough users
Ian Lewis
>BYOD
>Employer: "user, given that you brought your own device, I won't provide any work computer to you, just work on your own (nice savings for me, thanks btw). However, as you brought it to my premises, I hereby claim authority over your device and reserve the right to snoop through what you have on there and to install hidden surveillance software on it (thanks for all the data you share btw)."
If they didn't have profits, they would never even have allowed (let alone have promoted) BYOD to become a thing.
Jason Ward
he sold his soul to the jews
Nolan Cruz
This. Maybe the domain registration they did, only delayed the execution or something.
*gives computer to sister*
Luke Evans
This is what you get for using microshit
Leo Morris
>not using USPS, the true american way to lose your packages
Bentley Cooper
No, genuine question. It's not uncommon for toddlers to have blonde hair which becomes darker later, but not the other way around. You don't have dark-haired middle-aged people's hair become fiery on its own. So is it fake?
Lucas Perry
>le Linux shill tactics
please stop, you're not even being paid like the Microsoft Pajeets.
Aaron Lopez
Who wrote this?
Jose Jones
FSF
Easton Clark
DoublePulsar is basically kernel malware. Without secure boot and the malware compromising the boot process + having kernel level access, it's difficult to remove or patch out.
USPS is way worse
>send $100,000 check via priority mail
>they lose it
>no apology, just an "it happens"
>they wouldn't even refund the fucking postage
>have to get prior check cancelled/new one cut (fee for each)
>ship it via UPS instead because they're more competent
Luke Thompson
Is this /quest/ now?
Parker Perry
You deserve it, filthy southerner
Dominic Jenkins
>lost the package in Memphis
TN user here
It was probably stolen, don't blame FedEx
Jace Cook
youtube.com/watch?v=v-Q7Tmw85Xs
When FedEx ships packages through Memphis, unless they originate or are destined for Memphis, they never leave the secure airport/FedEx world hub. Theft from there is basically non-existent.
Evan Lewis
>fake hair
Jayden Stewart
>I work at IT department of large shipping company in the US
>Image provided is displaying the instructions in Italian
>Wannacry uses system locale to display instructions in the OS language
Either bullshit or OP works for the mafia
Lincoln Hill
Richard Stallman and Brian Eno
Gavin Gutierrez
>Company getting hit hard right where it hurts
>Let's preemptively disclose a major issue before the quarter reports are required
>Let's tell all our competition that we're getting fucked
You work at FedEx so I know you're fucking stupid, but holy shit this is next level
Ian Nguyen
This This This This This This
The malware doesn't announce itself immediately. It waits until it's basically encrypted all your files FIRST, if it announced itself when it's just encrypted 0.01% of your files you'd just pull your drive and save your data. That shit was probably lingering for a week or more, depending on how many files you keep on your machines.
>It's wannacry
>But it doesn't spread like wannacry
>And it doesn't encrypt like wannacry
>And it doesn't pop up like wannacry
So every ransomware is wannacry now?
Zachary Campbell
Does Malwarebytes ransomware thing work against this?
Noah Flores
Block Port 445
Hunter Bennett
Should i install this? There is no any telemetry?
Colton Powell
the same way redheads become blondes when they get old
Elijah Sullivan
TRIGGERED
Noah Brown
>didn't get insurance on the check
your own fault famalamadingdong
Bentley Lewis
CIA & NSA WAS A MISTAKE
William Kelly
The check is not worth $100,000 and UPS insurance rates are ridiculous relative to value. The check wasn't made out to cash so for $50 ($25 stop payment + $25 to issue a new cashier's check) was the actual cost.
I'm more pissed that they didn't refund the postage for an item they lost.
>no any
Why do Russians always keep making this comical grammatical slip?
Cameron Long
Is OP's post even serious, or just a troll?
Thomas Collins
I'd not care at this point. You'd better disable some services and tasks afterwards.
Brandon Baker
So are you using money as an excuse for lack of basic security guidelines?
sensible chuckle.gif
Good luck safeguarding your business and R&D data, let alone preventing infections and miscellaneous security fuck ups. You are using a computer for work, in a workplace there are security rules to be enforced to prevent you getting harmed or you harming others. Too much of a hassle? Don't work there